In XForms 1.0, submission action with a file: URI and method put and get is a MAY not a MUST. User agents that are unable to provide a file system (for example, by being unable to meet the requirements of the underlying platform for filesystem access control) need not provide file: action. Not every application of XForms is XForms+XHTML in a sandbox browser, but for those that are, sandboxing is the user agent responsibility. -----Original Message----- From: AndrewWatt2001@aol.com [mailto:AndrewWatt2001@aol.com] Sent: Friday, October 24, 2003 12:50 AM To: tvraman@almaden.ibm.com Cc: www-forms@w3.org; XForms@yahoogroups.com; bob.ducharme@lexisnexis.com Subject: XForms Security (Was: saving submitted XML locally) In a message dated 23/10/2003 21:56:35 GMT Daylight Time, tvraman@us.ibm.com writes: Use file:// URI to save it to local storage? >>>>>"DuCharme," == DuCharme, Bob (LNG-CHO) <bob.ducharme@lexisnexis.com> writes: DuCharme,> If I want to save the XML submitted by my XForm as DuCharme,> a local disk file, I suppose I could run Tomcat DuCharme,> and point submission/@action to a CGI running on DuCharme,> http://localhost:8080/whatever, but I'm wondering DuCharme,> if anyone knows a leaner way to do it. DuCharme,> DuCharme,> thanks, DuCharme,> DuCharme,> Bob -- Best Regards, --raman TV, What do you consider to be the security implications of the use of file:/// URLs in XForms? Do you consider that adequate safeguards are in place to prevent any chance of malicious exploits? Andrew Watt
Received on Friday, 24 October 2003 12:09:26 UTC